On Thu, 23 May 2013 21:47:30 +0200, "Christian Jullien" wrote:
> I get:
> [jullien at pastre]src$ gcc -o foo -pie foo.c && ./foo
> malloc 0
That should be:
gcc -o foo -fPIE -pie foo.c && ./foo
You need to compile the objects with -fPIE and link with -pie.
> Now the question, why do you link the binaries with -pie ? as in
Because pie is Position Independent Executable. For shared libs
you only need -fPIC.
The whole point of PIE binaries is that the entire executable, not
just the shared libraries, are position independent. On systems
that support address space layout randomization (ASLR) this makes
it harder to exploit bugs since the addresses change with each
invocation.
Now, I don't think that Solaris actually supports ASLR until version
11.1. Unfortunately, there isn't a good way to test for whether
PIE gives you a benefit in configure. As things stand now, if the
compiler appears to support it, sudo will attemp to use it.
- todd